Ghost
@ghost~5bfd3ed4d73408ce4fb0367e
I like trinpod, I just want to know how to hack it
Sarven Capadisli
@csarven
@dmitrizagidulin how about we transfer solid/identity-panel#1 to solid/specification repo? (Need to unarchive first and then transfer the issue.) I'm not sure if there is going to be enough material or even resources at this time for a whole panel on identity, but that's for participants to decide. If you want to revive, lead it. If in the foreseeable future it is just about having the Solid ecosystem incorporate DID or WebID being compatible with DID, then maybe issue in solid/specification will suffice.
Fred Gibson
@gibsonf1
@mikeadams1 the short webid and TrinPod output are now fully compliant: https://frederick.trinpod.us/@ (fixed those pesky periods)
Fred Gibson
@gibsonf1
@namedgraph_twitter the turtle should be fully compliant now (please let me know if you see any other issues)
Ghost
@ghost~5bfd3ed4d73408ce4fb0367e
@gibsonf1 for some reason mashlib does not resolve to /card#me but it does resolve /card
congrats by the way
Dmitri Zagidulin
@dmitrizagidulin
@csarven I think that would be great! (re that issue)
Fred Gibson
@gibsonf1
@mikeadams1 there is no longer any /profile/card#me - we only have the /@ now which 303 redirects to /profile/card
Ghost
@ghost~5bfd3ed4d73408ce4fb0367e
👍
Matthias Evering
@ewingson
interesting solution, @gibsonf1
so the subdomain represents the user
Sarven Capadisli
@csarven
@dmitrizagidulin Cool. That should give us a bit more incentive to push it. Something you wanted to do anyway. Like by end of this week right?
Now live in technicolour: solid/specification#217
Ghost
@ghost~5bfd3ed4d73408ce4fb0367e
So is the username and the web ID also? How do you resolve user name?
Fred Gibson
@gibsonf1
It's the subdomain of the pod. So username = frederick, and webid = https://frederick.trinpod.us/@
Ghost
@ghost~5bfd3ed4d73408ce4fb0367e
So does the username have the ability to edit root
Fred Gibson
@gibsonf1
For sure we will make it impossible for a user to destroy the usability of their pod inadvertently or intentionally, with the exception of the user being able to cancel their account, download all of their data, and then the system permanently deleting their data
Ghost
@ghost~5bfd3ed4d73408ce4fb0367e
OK not sure what all that means but I think it’s safe to say that user cannot edit root index.html
Fred Gibson
@gibsonf1
oh, we don't have an index.html file anywhere for the user
we are a pure graph system where each node is an actual graph node - including a node that represents a file or container
Ghost
@ghost~5bfd3ed4d73408ce4fb0367e
OK I think I understand thank you for sharing that
Fred Gibson
@gibsonf1
I just had a discussion in app-dev about the very important need for apps to be able to trigger a Pod registration flow for new users so that many users won't be lost in the need to click another button on the IDP side to register. The flow for new users being app --> IDP registration (directly - bypassing the generic login page) --> app (logged in with new account). To make this happen, a simple additional piece of information is needed to send to the IDP, such as landing=registration so that the IDP could go directly to that page
I'm not sure which spec needs to be adjusted to make something like this happen?
elf Pavlik
@elf-pavlik
@gibsonf1 I think we have related issue solid/authentication-panel#46
I think we should work on it as general on-boarding requirements, I don't think user should just create identity with provider suggested by an app they would like to try out.
elf Pavlik
@elf-pavlik
I think solidproject.org should have a directory of identity providers reviewed by a task force responsible for maintaining it
While applications should be able to appear and disappear, identity and data should meet higher standard of permanence.
Given that I wouldn't just go with identity and/or storage provider suggested by some app, neither recommend others to do it.
Fred Gibson
@gibsonf1
That's definitely a good point. I guess in our case we provide both, but fully understand how extremely important it is to trust the IDP/Pod server side
@elf-pavlik I think the simple solution to the issue is that the IDP can decide, given where the request is coming from, to honor going directly to the registration or not. Wouldn't that solve it?
So that there could also be a list of "trusted" apps in the sense that they can be trusted by the IDP to have good intentions with registering new users to that IDP ?
Aaron Coburn
@acoburn
It’s important to mention that not every IdP will allow users to register for accounts. Some IdPs will sit in front of LDAP or ActiveDirectory, which have entirely different user provisioning considerations. Furthermore, even for IdPs that do allow for user registration, there is no standard for doing so.
Fred Gibson
@gibsonf1
@acoburn That seems to be a situation then that Solid could add that optional messaging to the IdP and influence the spec
Aaron Coburn
@acoburn
That would be a very high bar
Fred Gibson
@gibsonf1
In that case, what would stop Solid from having an optional feature to enable this without officially changing the OpenID spec?
Aaron Coburn
@acoburn
There is almost a 0% chance that we would be changing the OpenID spec.
Optional features are complicated because they need to be discoverable.
Fred Gibson
@gibsonf1
It doesn't seem a stretch to add a key/value to the /.well-known/openid-configuration endpoint, like "request_landing_page" which the server could ignore or not depending on the origin or whether server supports that
Aaron Coburn
@acoburn
Here is the situation: there is a vibrant and mature identity ecosystem based on OpenID Connect. To the extent that Solid can use that ecosystem, that will be a win for Solid. To the extent that Solid tries to change that ecosystem, Solid will find itself in a very long and slow uphill battle. Do you really think Solid will get Google to change its identity infrastructure?
Fred Gibson
@gibsonf1
There is no need for anyone else to change anything about the spec or their implementations for Solid to have this option added I don't think?
Aaron Coburn
@acoburn
It just means that it won’t get implemented unless you want to implement your own IdP. And that is precisely what we want to avoid
Encouraging the Solid community to write servers that manage user credentials is exactly the opposite of what we want developers to be doing
Fred Gibson
@gibsonf1
or actually, since registration_endpoint is already there, and we use that for directing to registration, maybe it's a key/value such as initiate_registration = true
Does Inrupt have their own IdP?
Aaron Coburn
@acoburn
The only full-blown, Solid-based IdP that I am aware of is NSS. And I for one have concerns about how credentials are managed in that piece of software
Fred Gibson
@gibsonf1
I didn't realize that, so TrinPod then will be the second one. We manage credentials which are encrypted in an index pod for the server which persists in a graphdb. On installing a TrinPod on a machine with the install script (a single script initiation does it) the system installs all dependencies, starts the system, and creates both an index pod for managing the pods on the system and a digital twin pod of the system
there is no access to the index pod of course, other than the internal system itself
(where from a graphdb perspective, pod = a separate graph in the graphdb)
elf Pavlik
@elf-pavlik

> or actually, since registration_endpoint is already there, and we use that for directing to registration, maybe it's a key/value such as initiate_registration = true

from: https://openid.net/specs/openid-connect-discovery-1_0.html

> registration_endpoint
> RECOMMENDED. URL of the OP's Dynamic Client Registration Endpoint [OpenID.Registration].

I don't think it has anything to do with user registration

Fred Gibson
@gibsonf1
that is where we store the path to the IdP registration page